The Central Brigade for the Fight Against Cybercrime (BCLCC) in Burkina Faso has issued a high-alert fraud advisory after detecting a growing scam targeting Mobile Money users. This wave of attacks has already generated over 60 official complaints and caused estimated losses exceeding 10 million CFA francs. Cybersecurity professionals must pay attention now to advise on preventative measures.
In late July 2025, the BCLCC began tracking a novel scam where fraudsters impersonate mobile-operator agents to trick victims into updating their Mobile Money accounts. According to their technical unit, scammers first call the target, then send an SMS containing a malicious link under the guise of verifying an update. Victims are asked to input the SMS verification code, which scammers then use to reset passwords-granting full access to the electronic wallet.
Once access is achieved, attackers execute unauthorized withdrawals or even initiate transfers from linked bank accounts. As of 25 July 2025, the BCLCC has logged more than 60 complaints with estimated financial losses exceeding 10 million CFA francs.
Impact & Local Cybercrime Response
This scam is particularly alarming given the widespread use of Mobile Money across West Africa. In Burkina Faso, these services underpin much of informal commerce, making millions vulnerable to social-engineering attacks.
The BCLCC’s technical team urged users to remain vigilant:
- Do not click links in SMS messages claiming to come from your operator.
- Never share your verification code.
- If in doubt, reset your PIN immediately or contact your operator.
BCLCC also promoted its Alerte‑BCLCC platform, launched on 11 February 2025, enabling citizens to report suspicious activity online or via mobile apps (Playstore, Huawei AppGallery, Apple Store).
Regional & Global Context
While this alert concerns Burkina Faso, the scheme reflects broader global trends in Mobile Money fraud and digital wallet scams that have surged across Africa. Countries with similar mobile-operator ecosystems-such as Côte d’Ivoire, Ghana, Nigeria, and Senegal-should take note. Recent patterns show fraudsters leveraging low digital literacy and trust in telecom brands to phish verification codes or reset credentials.
Expert Commentary
Dr. Mariam Ouédraogo, cyber‑security researcher in Ouagadougou, notes:
“This kind of social‑engineering attack on Mobile Money users is increasingly sophisticated and emotionally manipulative. It’s vital that telecoms and regulators step up public awareness campaigns now.”
Jonathan Mensah, digital‑finance consultant in Accra, adds:
“Scams exploiting SMS flows and verification codes are old tactics, but combining phone calls and spoofed links enhances trust and success rates. Service providers must strengthen security services and user training.”
Actionable Takeaways for Cybersecurity Teams & Executives
- Run User Awareness Campaigns – Educate Mobile Money users about phishing techniques and the risks of sharing verification codes.
- Train Customer‑Support Teams – Ensure operator staff know how to respond to reported scams.
- SMS Filtering & Link Warnings – Telecoms should flag suspicious messages or block known phishing URLs.
- Enable Two‑Factor Authentication (2FA) – Where possible, allow secondary verification methods in wallets or linked accounts.
- Monitor Transaction Patterns – Set alerts for abrupt activity following password resets.
- Promote Official Reporting Channels – Encourage clients to report fraud via platforms like Alerte‑BCLCC.
- Strengthen Telecom‑Law Enforcement Cooperation – Operators and BCLCC should collaborate on takedown and traceability.
- Run Red‑Team Exercises – Simulate social-engineering attacks to test resilience across the ecosystem.
- Update Consumer Protection Regulations – National regulators must require transparency and warnings around SMS-based updates.
- Support Digital Literacy Initiatives – NGOs, operators, and governments should co-develop educational content.
Conclusion
This Mobile Money fraud scheme highlights the evolving threat of social-engineering attacks targeting electronic-wallet users. While centered in Burkina Faso, the tactics bear relevance across West and Central Africa where Mobile Money adoption is growing rapidly. Vigilance, user education, and operator cooperation remain the best defenses. To keep communities safe, digital trust must be actively nurtured through proactive security awareness and coordinated fraud prevention efforts.
Sources
- Sentinelle BF article on Mobile Money scam, 25 July 2025
- 24Heures BF coverage of complaints and financial losses
- NetAfrique.net report summarizing BCLCC alert, 27 July 2025
- Actualité BF summary of the scam and recommendations
- Sidwaya overview of Alerte‑BCLCC platform launch, February 2025
- AITN coverage of broader cybercrime trends in Burkina Faso
- CyberCory.com report on West African fraud trends